sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Keyserver operators with reverse proxies: read this plea

From: Phil Pennock
Subject: Re: [Sks-devel] Keyserver operators with reverse proxies: read this please
Date: Sat, 2 Mar 2013 22:21:04 -0500 
On 2013-03-02 at 20:39 -0500, Phil Pennock wrote:
> On 2013-03-02 at 13:38 -0600, John Clizbe wrote:
> > Does not appear to be failing. I have not added the "RequestHeader unset
> > Expect early" directive you suggest. Perhaps this is sensitive to particular
> > releases of Apache?
> 
> That's what I was afraid of.
> 
> It's failing against keys.wuschelpuschel.org which is GnuKS, but there's
> no reason to believe it's caused by it being GnuKS instead of SKS.  They
> both advertise as HTTP/1.0.
> 
> That vhost just says Apache, but if it's the same version that's running
> <http://www.wuschelpuschel.org/> then it's "Apache/2.2.16 (Debian)".

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES

Changes with Apache 2.2.10
[...]
  *) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
     known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
     [Ruediger Pluem]

Apache trunk commit history:

------------------------------------------------------------------------
r661506 | rpluem | 2008-05-29 18:19:17 -0400 (Thu, 29 May 2008) | 4 lines

* According to RFC 2616 8.2.3 we are not allowed to forward an
  Expect: 100-continue to an HTTP/1.0 server. Instead we MUST return
  a HTTP_EXPECTATION_FAILED.

------------------------------------------------------------------------

This item in the CHANGES file was removed from the 2.4.x CHANGES file as
of r686404; otherwise it would have been in the 2.3.0 section.

So supposedly this exists in all 2.4.x and in 2.2.x from 2.2.10 onwards.

The code is still there in 2.4.x.


Okay, it looks as though Apache is *not* implementing the "learn if the
backend is HTTP/1.0" semantics advocated by RFC2616.  Instead, it looks
as though you have to explicitly configure Apache with:
  SetEnv force-proxy-request-1.0 <somevalue>

So in fact, this is not normally biting Apache.  I'll update the wiki
now.

John, Daniel: thanks for getting back to me and helping pin this down.

-Phil
reply via email to
[Prev in Thread] Current Thread [Next in Thread]